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Remarks 

Claims 1-10 and 26-45 are pending. 

Response to Arguments 

1 . Applicant's arguments filed 12/5/2005 have been fully considered but they are 
not persuasive. 

Applicant argues that Caputo teaches a system in which data is both 
authenticated and encrypted (or decrypted) in a single pass and SSLSspec discloses 
non-pre-padded network security protocol data, but that this combination isn't found in 
the prior art. Caputo does not teach pre-padding of data before sending it to the crypto 
chip, but he does teach that all authentication and cryptography operations will be 
performed on the chip (Column 5, lines 7-27). Since he also discloses use of DES 
(which uses padding), the crypto chip of Caputo must perform the padding for DES. 
Caputo teaches sending data to be authenticated and encrypted to the crypto chip; then 
the chip will perform authentication operations (MAC) on the data and, subsequently, 
encrypt the data, all in one pass through the chip. SSLSspec teaches how to 
authenticate and encrypt using SSL, including padding for encryption using block cipher 
algorithms (Page 9, Section 4.7). This means that within the combination of Caputo as 
modified by SSLSspec, the data will be sent to the chip, hashed to form a MAC, padded 
as needed for the particular algorithm, then encrypted and transmitted. 

Applicant argues that Kaplan makes no mention of aligning data after it has been 
authenticated. Caputo discloses hashing the data, then encrypting the data along with 
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the hashed data (Column 11, line 60 to Column 12, line 13). The data/hash combo is 
then sent for encryption processing. Kaplan discloses padding of data that is to 
undergo encryption, which in this combination, is the data/hash combo. 

A new ground of rejection has been made for claim 32; namely Caputo in view of 
SSL3spec, further in view of Ganapathy (U.S. Patent 6,557,096). This new ground of 
rejection was necessitated by amendment. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not Identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1, 2, 8-10, 26, 31, and 42 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Caputo (U.S. Patent 5,778,071) in view of SSL3spec (Freier et al., 
"The SSL Protocol Version 3.0". 11/18/1996, pp. 1-12, obtained from 
http://wp.netscape.com/eng/ssl3/draft302.txt). 
Regarding Claim 1, 

Caputo discloses a method of processing network security protocol 
data packets, comprising: 

Providing a cryptography processing architecture on a chip 
(Column 17, line 57 to Column 18, line 9); 
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Passing network security protocol data for both authentication and 
cryptography operations from a source to the chip (Column 15, lines 25- 
30); 

Conducting, in hardware, authentication and encryption operations 
on the network security protocol data (Column 17, line 57 to Column 18, 
line 9); and 

Passing the crypto-processed network security protocol data from 
the chip to the source (Column 15, lines 25-30); 

Wherein the network security protocol data is passed between the 
chip and the source in a single pass (Column 17, line 57 to Column 18, 
line 9). 

Caputo does not disclose that the network security protocol data is 
non-pre-padded. 

SSL3spec, however, discloses that the data is non-pre-padded 
network security protocol data (Pages 3-4, Section 1; and Page 10, 
Section 5.0). It would have been obvious to one of ordinary skill in the art 
at the time of applicant's invention to incorporate the network security 
protocol of SSL3spec into the crypto device of Caputo in order to gain 
cryptographic security between two parties and interoperability between 
differently coded programs (Page 4, Sections 2.1, 2.2, and 2.3). 
Regarding Claim 2, 



Application/Control Number: 09/929,178 Page 5 

Art Unit: 2137 

Caputo as modified by SSLSspec discloses the method of claim 1 , 
in addition, SSLSspec discloses that the network security protocol is SSL 
(v3) (Pages 3-4, Section 1; and Page 10, Section 5.0). 

Regarding Claim 8, 

Caputo as modified by SSLSspec discloses the method of claim 1 , 
in addition, Caputo discloses that conducting, in hardware, authentication 
and encryption operations on the network security protocol data comprises 
feeding back a MAC value calculated during authentication operations for 
processing in the encryption operations (Column 11, line 60 to Column 12, 
line 13; and Column 18, lines 1-9). 

Regarding Claim 9, 

Caputo as modified by SSLSspec discloses the method of claim 1 , 
in addition, Caputo discloses that the encryption operations further include 
decryption operations (Column 17, lines 57-67). 

Regarding Claim 10, 

Caputo as modified by SSLSspec discloses the method of claim 9, 
in addition, Caputo discloses that conducting, in hardware, authentication 
and decryption operations on the network security protocol data comprises 
feeding back decrypted data for processing in the authentication 
operations (Column 11, line 60 to Column 12, line 13; and Column 17, 
lines 57-67). 

Regarding Claim 26, 
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Caputo discloses a method of processing network security protocol 
data packets, comprising: 

Receiving, at a chip, security protocol data for both authentication 
and cryptography operations from a source (Column 15, lines 25-30); 

Aligning, at the chip, the received network security protocol data to 
provide aligned network security protocol data (Column 9, lines 46-61); 

Conducting, at the chip, authentication operations and at least one 
of encryption operations and decryption operations on the aligned network 
security protocol data to provide processed network security protocol data 
(Column 17, line 57 to Column 18, line 9); and 

Passing the processed network security protocol data from the chip 
to the source (Column 15, lines 25-30); 

Wherein the network security protocol data is passed between the 
chip and the source in a single pass (Column 17, line 57 to Column 18, 
line 9). 

Caputo does not disclose that the network security protocol data is 
non-pre-padded. 

SSLSspec, however, discloses that the data is non-pre-padded 
network security protocol data (Pages 3-4, Section 1; and Page 10, 
Section 5.0). It would have been obvious to one of ordinary skill in the art 
at the time of applicant's invention to incorporate the network security 
protocol of SSL3spec into the crypto device of Caputo in order to gain 
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cryptographic security between two parties, interoperability between 
differently coded programs, and extensibility to other protocols and 
methods (Page 4, Sections 2.1, 2.2, and 2.3). 
Regarding Claim 31, 

Caputo as modified by SSL3spec discloses the method of claim 26, 
in addition, Caputo discloses that the authentication operations comprise 
authenticating at least a portion of the aligned network security protocol 
data (Column 11, line 60 to Column 12, line 13). 
Regarding Claim 42, 

Caputo as modified by SSLSspec discloses the method of claim 1 , 
in addition, Caputo discloses that the non-pre-padded network security 
protocol data is passed across a non-dedicated data bus in a single pass 
(Column 6, lines 41-61). The non-dedicated data bus is the computer's 
PCMCIA bus, which isn't dedicated to the encryption/authenticating 
device. 

3. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Caputo in 
view of SSL3spec, further in view of TLSspec (Dierks et al., "The TLS Protocol Version 
1.0", 10/28/1997, pp. 1-12, obtained from http://ww.umk.pl/-mgw/internet-drafts/draft- 
ietf-tls-protocol-04.txt). 

Caputo as modified by SSL3spec does not disclose the TLS protocol. 
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TLSspec, however, discloses that the network security protocol is TLS 
(Pages 3-4, Section 1). It would have been obvious to one of ordinary skill in the 
art at the time of applicants invention to incorporate the network security protocol 
of TLSspec into the crypto device of Caputo as modified by SSL3spec in order to 
gain extensibility to other protocols and methods (Pages 4-5, Sections 2.1, 2,2, 
and 2.3), 



4. Claims 4-7, 29, 30, 33, 35-41, and 43-45 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Caputo in view of SSL3spec, further in view of Kaplan (U.S. 
Patent 6,704,871). 

Regarding Claim 4, 

Caputo as modified by SSL3spec does not disclose simultaneously 
with conducting the cryptography operations on the network security 
protocol data, pre-loading network security protocol data from a second 
non-pre-padded network security protocol packet onto the chip. 

Kaplan, however, discloses simultaneously with conducting the 
cryptography operations on the network security protocol data, pre-loading 
network security protocol data from a second non-pre-padded network 
security protocol packet onto the chip (Column 37, lines 47-58). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the crypto chip of Kaplan into the 
crypto device of Caputo as modified by SSL3spec in order to obtain fast 



Application/Control Number: 09/929,178 Page 9 

Art Unit: 2137 

processing through paralleled and pipelined operations and to facilitate 
peak encrypt/decrypt performance (Column 41, lines 17-19). 
Regarding Claim 5, 

Caputo as modified by SSLSspec and Kaplan discloses the method 
of claim 4, in addition, Kaplan discloses simultaneously with conducting 
the encryption operations on the network security protocol data, 
conducting in hardware, authentication operations on the network security 
protocol data from the second network security protocol packet (Column 
37, lines 47-58). 
Regarding Claim 6, 

Caputo as modified by SSL3spec does not disclose that 
conducting, in hardware, authentication and encryption operations on the 
non-pre-padded network security protocol data comprises conducting 
padding and alignment operations on the chip. 

Kaplan, however, discloses that conducting, in hardware, 
authentication and encryption operations on the non-pre-padded network 
security protocol data comprises conducting padding and alignment 
operations on the chip (Column 41 , lines 16-51). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention 
to incorporate the crypto chip of Kaplan into the crypto device of Caputo 
as modified by SSL3spec in order to obtain fast processing through 
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paralleled and pipelined operations and to facilitate peak encrypt/decrypt 
performance (Column 41, lines 17-19). 
Regarding Claim 7, 

Caputo as modified by SSLSspec and Kaplan discloses the method 
of claim 6, in addition, Kaplan discloses that a calculation of a pad length 
for padding operations is conducted by a pad engine component of the 
chip architecture (Column 41, line 16 to Column 42, line 3). 
Regarding Claim 29, 

Caputo as modified by SSL3spec discloses the method of claim 26, 
in addition, Caputo discloses storing the aligned network security protocol 
data in a FIFO to accumulate a predefined amount of data before 
commencing the authentication operations and the at least one of 
encryption operations and decryption operations (Column 9, lines 46-61). 

Kaplan also discloses storing the aligned network security protocol 
data in two FIFOs (one for cryptographic operations and one for 
authentication operations) to accumulate a predefined amount of data 
before commencing the authentication operations and the at least one of 
encryption operations and decryption operations (Column 38, lines 50-57). 
Regarding Claim 30, 

Caputo as modified by SSL3spec and Kaplan discloses the method 
of claim 29, in addition, Kaplan discloses that the predefined amount of 
data comprises 512 bits (Column 38, lines 50-57). 
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Regarding Claim 33, 

Caputo as modified by SSL3spec does not disclose aligning, for 
encryption operations, at least a portion of the received non-pre-padded 
network security protocol data and the authenticated at least a portion of 
the aligned network security protocol data to provide the aligned network 
security protocol data for the encryption operations. 

Kaplan, however, discloses aligning, for encryption operations, at 
least a portion of the received non-pre-padded network security protocol 
data and the authenticated at least a portion of the aligned network 
security protocol data to provide the aligned network security protocol data 
for the encryption operations (Column 39, lines 26-42). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the crypto chip of Kaplan into the crypto device of 
Caputo as modified by SSL3spec in order to obtain fast processing 
through paralleled and pipelined operations and to facilitate peak 
encrypt/decrypt performance (Column 41, lines 17-19). 
Regarding Claim 35, 

Caputo as modified by SSL3spec and Kaplan discloses the method 
of claim 33, in addition, Kaplan discloses that aligning, for encryption 
operations, comprises padding (Column 39, lines 26-37). 
Regarding Claim 36, 
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Caputo as modified by SSLSspec does not disclose storing the 
aligned network security protocol data for the encryption operations in a 
FIFO to accumulate a predefined amount of data before commencing the 
encryption operations. 

Kaplan, however, discloses storing the aligned network security 
protocol data for the encryption operations in a FIFO to accumulate a 
predefined amount of data before commencing the encryption operations 
(Column 40, lines 43-52). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the crypto 
chip of Kaplan into the crypto device of Caputo as modified by SSL3spec 
in order to obtain fast processing through paralleled and pipelined 
operations and to facilitate peak encrypt/decrypt performance (Column 41, 
lines 17-19). 
Regarding Claim 37, 

Caputo as modified by SSL3spec does not disclose aligning, within 
a decryption path, the received non-pre-padded network security protocol 
data to provide the aligned network security protocol data for the 
decryption operations. 

Kaplan, however, discloses aligning, within a decryption path, the 
received non-pre-padded network security protocol data to provide the 
aligned network security protocol data for the decryption operations 
(Column 39, lines 26-42). It would have been obvious to one of ordinary 
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skill in the art at the time of applicant's invention to incorporate the crypto 
chip of Kaplan into the crypto device of Caputo as modified by SSL3spec 
in order to obtain fast processing through paralleled and pipelined 
operations and to facilitate peak encrypt/decrypt performance (Column 41 , 
lines 17-19). 

Regarding Claim 38, 

Caputo as modified by SSL3spec and Kaplan discloses the method 
of claim 37, in addition, Caputo discloses decrypting the aligned network 
security protocol data for the decryption operations and providing at least 
a portion of the decrypted data for the authentication operations (Column 
17, lines 57-67). 

Regarding Claim 39, 

Caputo as modified by SSL3spec and Kaplan discloses the method 
of claim 38, in addition, Kaplan discloses aligning the at least a portion of 
the decrypted data for the authentication operations (Column 41 , lines 16- 
51). 

Regarding Claim 40, 

Caputo as modified by SSL3spec does not disclose performing at 
least a portion of the authentication operations and at least a portion of the 
encryption operations and decryption operations in parallel. 

Kaplan, however, discloses performing at least a portion of the 
authentication operations and at least a portion of the encryption 
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operations and decryption operations in parallel (Column 37, lines 47-58). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the crypto chip of Kaplan into the 
crypto device of Caputo as modified by SSL3spec in order to obtain fast 
processing through paralleled and pipelined operations and to facilitate 
peak encrypt/decrypt performance (Column 41, lines 17-19). 

Regarding Claim 41, 

Caputo as modified by SSL3spec discloses the method of claim 1, 
in addition, Caputo discloses performing all authentication and crypto 
operations on the chip, to enable the non-pre-padded network security 
protocol data to be passed in a single pass (Column 5, lines 7-27); and 
SSL3spec discloses that the crypto operations include aligning and 
padding (Page 9, Section 4.7). 

Caputo also discloses aligning and padding the non-pre-padded 
network security protocol data on the chip to enable to non-pre-padded 
network security protocol data to be passed in a single pass (Column 39, 
lines 25-42). It would have been obvious to one of ordinary skill in the art 
at the time of applicant's invention to incorporate the crypto chip of Kaplan 
into the crypto device of Caputo as modified by SSL3spec in order to 
obtain fast processing through paralleled and pipelined operations and to 
facilitate peak encrypt/decrypt performance (Column 41, lines 17-19). 

Regarding Claim 43, 
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Caputo as modified by SSLSspec discloses the method of claim 1, 
in addition, Caputo discloses performing all authentication and crypto 
operations on the chip, cryptographically processing the packet portions 
and outputting the cryptographically processed packet portions from the 
chip in a single pass over a data bus (Column 5, lines 7-27; and Column 
17, line 57 to Column 18, line 9); and SSLSspec discloses that the crypto 
operations include aligning and padding before (Page 9, Section 4.7). 

Caputo also discloses receiving all the packet portions by the chip, 
padding and aligning the packet portions, cryptographically processing the 
packet portions, and outputting the cryptographically processed packet 
portions from the chip in a single pass (Column 38, lines 58-62; Column 
39, lines 25-42; and Figure 9). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the crypto chip of Kaplan into the crypto device of Caputo as modified by 
SSL3spec in order to obtain fast processing through paralleled and 
pipelined operations and to facilitate peak encrypt/decrypt performance 
(Column 41, lines 17-19). 
Regarding Claim 44, 

Caputo as modified by SSLSspec discloses the method of claim 1, 
in addition, Caputo discloses that authentication data is generated is 
passed for encryption (Column 11, line 60 to Column 12, line 13; and 
Column 17, line 57 to Column 18, line 9). Caputo as modified by 
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SSLSspec does not disclose separate data authentication and encryption 
components. 

Kaplan, however, discloses that the authentication operations are 
performed by an authentication component (Column 42, lines 12-29; and 
Figure 9); 

The encryption operations are performed by an encryption 
component (Column 40, line 42 to Column 41, line 15; and Figure 9); and 

Authentication data generated by the authentication component is 
passed to the encryption component and aligned by the encryption 
component (Column 38, lines 58-62; and Column 39, lines 25-42). 

It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the crypto chip of Kaplan into 
the crypto device of Caputo as modified by SSL3spec in order to obtain 
fast processing through paralleled and pipelined operations and to 
facilitate peak encrypt/decrypt performance (Column 41, lines 17-19). 
Regarding Claim 45, 

Caputo as modified by SSL3spec discloses the method of claim 1, 
in addition, Caputo discloses that decrypted data is generated and is 
passed for authentication (Column 11, line 60 to Column 12, line 13; and 
Column 17, line 57 to Column 18, line 9). Caputo as modified by 
SSL3spec does not disclose separate encryption and data authentication 
components. 
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Kaplan, however, discloses that the authentication operations are 
performed by an authentication component (Column 42, lines 12-29; and 
Figure 9); 

The encryption operations are performed by an encryption 
component (Column 40, line 42 to Column 41 , line 1 5; and Figure 9); and 

Decrypted data generated by the encryption component is passed 
to the authentication component and aligned by the authentication 
component (Column 38, lines 58-62; and Column 39, lines 25-42). 

It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the crypto chip of Kaplan into 
the crypto device of Caputo as modified by SSL3spec in order to obtain 
fast processing through paralleled and pipelined operations and to 
facilitate peak encrypt/decrypt performance (Column 41, lines 17-19). 

5. Claims 27 and 28 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Caputo in view of SSL3spec, further in view of Gaytan (U.S. Patent 5,638,367). 
Regarding Claim 27, 

Caputo as modified by SSL3spec does not disclose removing non- 
valid data from the received data. 

Gaytan, however, discloses removing non-valid data from the 
received data (Column 1 , line 62 to Column 2, line 29). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's 



Application/Control Number: 09/929,178 Page 18 

Art Unit: 2137 

invention to incorporate the data packing system of Gaytan into the crypto 
device of Caputo as modified by SSL3spec in order to gain better 
throughput and performance by only sending valid data past the buffer. 
Regarding Claim 28, 

Caputo as modified by SSLSspec does not disclose packing the 

data. 

Gaytan, however, discloses packing the data (Column 1, line 62 to 
Column 2, line 29). It would have been obvious to one of ordinary skill In 
the art at the time of applicant's invention to incorporate the data packing 
system of Gaytan into the crypto device of Caputo as modified by 
SSLSspec in order to gain better throughput and performance by only 
sending valid data past the buffer. 

6. Claim 32 is rejected under 35 U.S.C. 103(a) as being unpatentable over Caputo 
in view of SSL3spec, further in view of Ganapathy (U.S. Patent 6,557,096). 

Caputo as modified by SSL3spec discloses the method of claim 31 , in 
, addition, SSL3spec discloses that the at least a portion of the aligned network 
security protocol data comprises Content Type, Length, and Data (Page 10, 
Section 5.0). Caputo as modified by SSL3spec does not disclose that the data is 
aligned into rows of data where each row of data contains a single type of data. 

Ganapathy, however, discloses that the data is aligned into rows of data 
where each row of data contains a single type of data (Column 17, lines 38-55; 
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Column 19, line 35 to Column 20, line 25; and Figure 12). It would have been 
obvious to one of ordinary skill In the art at the time of applicant's invention to 
incorporate the data aligner of Ganapathy Into the crypto device of Caputo as 
modified by SSL3spec in order to properly align and format the data before 
sending it for mathematical (in this case, authentication and 
encryption/decryption) operations, so that the data has any needed sign and 
guard bits pre-pended thereto. 

7. Claim 34 is rejected under 35 U.S.C. 103(a) as being unpatentable over Caputo 

in view of SSLSspec and Kaplan, further in view of Gaytan. 

Caputo as modified by SSL3spec and Kaplan does not disclose that 
aligning comprises removing non-valid data. 

Gaytan, however, discloses that aligning comprises removing non-valid 
data (Column 1, line 62 to Column 2, line 29). It would have been obvious to one 
of ordinary skill in the art at the time of applicant's invention to Incorporate the 
data packing system of Gaytan Into the crypto device of Caputo as modified by 
SSL3spec In order to gain better throughput and performance by only sending 
valid data past the buffer. 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is (571)- 

272- 7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 
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Information regarding the status of an application may be obtained from the 
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